| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/spdy/spdy_framer.h" | 5 #include "net/spdy/spdy_framer.h" |
| 6 | 6 |
| 7 #include "base/lazy_instance.h" | 7 #include "base/lazy_instance.h" |
| 8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
| 9 #include "base/third_party/valgrind/memcheck.h" | 9 #include "base/third_party/valgrind/memcheck.h" |
| 10 #include "net/spdy/spdy_frame_builder.h" | 10 #include "net/spdy/spdy_frame_builder.h" |
| (...skipping 2038 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2049 SpdyFrameReader reader(current_frame_buffer_.get(), | 2049 SpdyFrameReader reader(current_frame_buffer_.get(), |
| 2050 current_frame_buffer_length_); | 2050 current_frame_buffer_length_); |
| 2051 reader.Seek(GetControlFrameHeaderSize()); // Seek past frame header. | 2051 reader.Seek(GetControlFrameHeaderSize()); // Seek past frame header. |
| 2052 bool successful_read = reader.ReadUInt32(&altsvc_scratch_.max_age); | 2052 bool successful_read = reader.ReadUInt32(&altsvc_scratch_.max_age); |
| 2053 reader.ReadUInt16(&altsvc_scratch_.port); | 2053 reader.ReadUInt16(&altsvc_scratch_.port); |
| 2054 reader.Seek(1); // Reserved byte. | 2054 reader.Seek(1); // Reserved byte. |
| 2055 successful_read = successful_read && | 2055 successful_read = successful_read && |
| 2056 reader.ReadUInt8(&altsvc_scratch_.pid_len); | 2056 reader.ReadUInt8(&altsvc_scratch_.pid_len); |
| 2057 DCHECK(successful_read); | 2057 DCHECK(successful_read); |
| 2058 // Sanity check length value. | 2058 // Sanity check length value. |
| 2059 if (GetAltSvcMinimumSize() + altsvc_scratch_.pid_len >= | 2059 if (altsvc_scratch_.pid_len == 0 || |
| 2060 current_frame_length_) { | 2060 GetAltSvcMinimumSize() + altsvc_scratch_.pid_len >= |
| 2061 current_frame_length_) { |
| 2061 set_error(SPDY_INVALID_CONTROL_FRAME); | 2062 set_error(SPDY_INVALID_CONTROL_FRAME); |
| 2062 return 0; | 2063 return 0; |
| 2063 } | 2064 } |
| 2064 altsvc_scratch_.protocol_id.reset( | 2065 altsvc_scratch_.protocol_id.reset( |
| 2065 new char[size_t(altsvc_scratch_.pid_len)]); | 2066 new char[size_t(altsvc_scratch_.pid_len)]); |
| 2066 } | 2067 } |
| 2067 processed_bytes += processing; | 2068 processed_bytes += processing; |
| 2068 continue; | 2069 continue; |
| 2069 } else if (altsvc_scratch_.pid_buf_len < altsvc_scratch_.pid_len) { | 2070 } else if (altsvc_scratch_.pid_buf_len < altsvc_scratch_.pid_len) { |
| 2070 // Buffer protocol id field as in comes in. | 2071 // Buffer protocol id field as in comes in. |
| (...skipping 1208 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3279 #else | 3280 #else |
| 3280 WriteHeaderBlockToZ(&frame.name_value_block(), compressor); | 3281 WriteHeaderBlockToZ(&frame.name_value_block(), compressor); |
| 3281 #endif // defined(USE_SYSTEM_ZLIB) | 3282 #endif // defined(USE_SYSTEM_ZLIB) |
| 3282 | 3283 |
| 3283 int compressed_size = compressed_max_size - compressor->avail_out; | 3284 int compressed_size = compressed_max_size - compressor->avail_out; |
| 3284 builder->Seek(compressed_size); | 3285 builder->Seek(compressed_size); |
| 3285 builder->RewriteLength(*this); | 3286 builder->RewriteLength(*this); |
| 3286 } | 3287 } |
| 3287 | 3288 |
| 3288 } // namespace net | 3289 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1123153003:
Reject empty protocol id in HTTP/2 ALTSVC frames. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master